Hardware bypass is only supported in inline mode. Also, hardware bypass support depends on your software
application.
Note
When the appliance switches from normal operation to hardware bypass or from hardware bypass back to
normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of
the interruption; for example, behavior of the optical link partner such as how it handles link faults and
debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on.
During this time, you may experience dropped connections.
Note
There are three configuration options for hardware bypass network modules:
• Passive interfaces—Connection to a single port.
For each network segment you want to monitor passively, connect the cables to one interface. This is
how the non-fail-to-wire network modules operate.
• Inline interfaces—Connection to any two like ports (10 G to 10 G for example) on one network module,
across network modules, or fixed ports.
For each network segment you want to monitor inline, connect the cables to pairs of interfaces.
• Inline with fail-to-wire interfaces—Connection of a fail-to-wire paired set.
For each network segment that you want to configure inline with fail-open, connect the cables to the
paired interface set.
For the 40-G network module, you connect the two ports to form a paired set. For the 1/10-G network
modules, you connect the top port to the bottom port to form a fail-to-wire paired set. This allows traffic
to flow even if the security appliance fails or loses power.
If you have a inline interface set with a mix of fail-to-wire and non-fail-to-wire interfaces, you cannot enable
hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set
if all the pairs in the inline set are valid fail-to-wire pairs.
Note
For More Information
• See 1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass, on page 20 for a description
of the 1-G SX, 10-G SR, and LR network modules.
• See Remove and Replace the Network Module, on page 67 for the procedure for removing and
replacing single-wide network modules.
1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass
The following figure shows the front panel of the 1-G SX, 10-G SR and 10-G LR fail-to-wire network modules
FPRK2-NM-6X1SX-F, FPRK2-NM-6X10SR-F, FPR2K-NM-6X10LR-F). This is a single-wide module that
Cisco Firepower 2100 Series Hardware Installation Guide
20
Overview
1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass
To Next Page
Loading...
Need help?
General
